Testing Internal DNS server for efficiency

We currently have four DNS servers ( windows 2003 AD environment )
three are at our primary site and on the 192.168.1.X network
one is at a remote site and on the 192.168.20.X network
one of the servers at the primary site will be moved to another remote site and will be on the 192.168.10.X network in the near future.
All offices are connected via an MPLS network

Now the question.
I do not seem to have problems on my network,  but i am a little concerned that maybe DNS isnt setup for optmal performance.  Are there any tools to run on my network that would tell me whether my DNS is setup correctly ?

I'm really just trying to think of ways to imrove / analyze / optimize my network before we have issues.

Maybe not a tool to run but exactly what commands to run and what type of results i should be looking for

Any assistance is appreciated
 
EkuskowskiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
You can use dcdiag /test:DNS there are a lot of switches covered here for the DNS tests  http://technet.microsoft.com/de-de/library/cc776854(WS.10).aspx

DNSLint is another tool than can be used to troubleshoot DNS issues  http://support.microsoft.com/default.aspx/kb/321046?p=1

Are your DNS servers also DCs (AD Integrated DNS)

Thanks

Mike
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EkuskowskiAuthor Commented:
Yes the DNS servers are also DCs

dcdiag /test:DNS results
all pass except i get a warning " Warning: Dynamic update is enabled on the zone but not secure" should i be concerned about this ?

I also ran : DCDIAG /TEST:CheckSecurityError and came up with no errors

I ran : DCDIAG /TEST:DNS /V /E and received the dynamic update warning for all of my dns/ad servers and one other error which is
DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
               [Error details: 1460 (Type: Win32 - Description: This operation r
eturned because the timeout period expired.)]

I'll have to investigate this one.


I downloaded DNSLint but did not run any test yet : should i be concerned with running dnslint during business hours






0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.